From 186971cab95e79186e5b5c13b5a72a2b0a46fe2b Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sun, 16 Mar 2025 13:50:12 +0100
Subject: [PATCH] Try fixing certificate renewal issue

Invoking a script from Apache httpd requires escalating privileges, and
setuid does not work for scripts.

But cron.daily runs as root, and it should be enough.

Also remove unnecessary require.

This solves 2 items from https://github.com/alexpdp7/alexpdp7/issues/28
---
 personal_infra/puppet/modules/proxmox/manifests/proxy.pp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index d808121..5eb99f1 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -4,7 +4,6 @@ class proxmox::proxy ($mail, $base_hostname) {
   service {'apache2':
     enable => true,
     ensure => running,
-    require => File['/usr/local/bin/notify_md_renewal'],
   }
 
   $apache_dep = {
@@ -24,7 +23,6 @@ class proxmox::proxy ($mail, $base_hostname) {
     MDomain $base_hostname auto
     MDCertificateAgreement accepted
     MDContactEmail $mail
-    MDNotifyCmd /usr/local/bin/notify_md_renewal
 
     <VirtualHost *:443>
       ServerName $base_hostname
@@ -35,7 +33,7 @@ class proxmox::proxy ($mail, $base_hostname) {
     * => $apache_dep
   }
 
-  file {'/usr/local/bin/notify_md_renewal':
+  file {'/etc/cron.daily/renew_md_certificates':
     content => @("EOT"/$)
     #!/bin/sh
 
@@ -46,7 +44,7 @@ class proxmox::proxy ($mail, $base_hostname) {
     done
     | EOT
     ,
-    mode => '4755',
+    mode => '0755',
   }
 
   service {'nagios':}
-- 
2.47.3